Network Device Testing

Given the dependence on network devices such as firewalls, routers, switches and Intrusion Detection Systems (IDS) to maintain security, clients commonly request that these solutions are subject to further review, over and above that offered by an infrastructure penetration test. With direct access to these systems, our consultants can conduct a comprehensive review evaluating all aspects of the configuration that can impact security: how the firewall has been set up, the software versions in use and the modules that have been added. For firewalls and similar devices, the exercise can be extended to cover a review of the rule base. For solutions that provide alerting, blocking or filtering (IDS, IPS, application firewalls, etc.), Cryptum can conduct controlled testing to evaluate the effectiveness of these systems. The testing covers the fundamental abilities of the system, the configuration that has been applied and how security staff interpret and respond to alerts. Whilst designed for live networks, this type of testing is equally applicable to systems under evaluation.

Benefits of network device testing

Network device testing will give IT management a clear understanding as to whether the current design, architecture and network performance are meeting business requirements and needs.

Network device testing will provide sound recommendations on how to overcome network issues and present a clear plan for moving forward.

Ensures device configurations conform to industry best practices.

Provides assurances that critical access control mechanisms are in place, aligned with prevailing good practice, and operating as intended.

Provides a measure of assurance that those systems and applications that are reliant upon the devices are secured in accordance with their expectation.

Above all, your company will benefit from having a recorded, in-depth analysis of the existing network infrastructure for future reference.

VPN Security Assessment

If your business runs a Virtual Private Network (VPN) to allow remote users to connect to the network, there is a risk that outside threats could use it as an entry point into your internal network. VPN assessments provide an assurance of the integrity and confidentiality of a network, implied by their presence and use. It is imperative that confidence in the security infrastructure is not impaired by an extension of the trust boundaries outside the organisation’s physical perimeter. In a VPN implementation, remote systems are provided with a secure route for internal network access. Potentially, such access is obtained from physically insecure locations. This network presence, coupled with potential flaws in authentication mechanisms, implementation framework or configuration state, could result in the compromise of network boundaries from an external VPN endpoint. Such a compromise may lead to the VPN becoming a conduit for an attack on the organisation’s internal network infrastructure.

Why perform a VPN security assessment?

• To identify firewall configuration vulnerabilities, determine whether there are any vulnerabilities inherent in the network devices and highlight general issues with the architecture.

• To verify the security of both your SSL-based VPN and your IPsec-based VPN.

• To verify that you have end-to-end security and not just an encrypted tunnel.

• To prevent hackers from using your VPN as a tunnel to your internal network.

VoIP and Telephony assessment

The convergence of voice, data and video provides organisations with welcome cost savings. The robustness of the telephony system in isolation is a significant concern; there is a range of threats to the confidentiality, availability and integrity of the telephony system and testing evaluates all of these. Testing typically includes reviewing handsets, soft-phones, the telephony servers and a range of network layer activities to fully understand whether the telephony system can be considered secure and reliable. The need to segregate voice services from the traditional corporate network is well publicised and this is the second area of attention. The method of segregation (commonly VLANs) will be subject to review, as will any servers that bridge both data and voice networks to ensure that they are capable of maintaining the required level of segregation. The type of testing conducted will be dictated by the nature of the solution and, in addition to telephony-specific skills, tests may include elements of wireless testing, infrastructure penetration testing, application testing, build reviews, remote access testing and more. The mission-critical nature of voice services is not lost on Cryptum and neither are the challenges of the multipartite ownership of voice services. Cryptum will work with all parties to develop a test plan that meets the needs of all involved, which can include out-of-hours testing where appropriate.

Why perform VoIP and Telephony assessment?

• Address government and industry regulatory compliance requirements.

• Discover Telephony network vulnerabilities and risks to your business systems.

• Validate the effectiveness of current security safeguards.

• Identify remediation steps to help prevent network compromise.

Social engineering testing

Security practitioners have always understood the relationship between security controls and the people that operate or otherwise interact with them. Cryptum has a long track-record of working with clients to understand where security controls are weakened or inadvertently bypassed through human interaction. Social engineering is one evaluation strategy in this space, with options for on-site, telephone and Internet based exercises. Example exercises include attempting to gain access to premises and conducting controlled phishing attacks. Social engineering testing isn’t the only way to evaluate the human impact on security and it can be combined with audit, interviews and other exercises to provide a clear picture of human derived security weaknesses.

Benefits of social engineering testing

• Identifies weaknesses within the organization.

• Measures the effectiveness of your security awareness programs.

• An understanding of real-world risks posed to the organization from the perspective of an attacker, going beyond the limitations of automated scanning.

Firewall Testing

The Firewall Assessment covers a comprehensive review of all aspects of a firewall configuration, not just the firewall rules. Firewalls are a keystone part of the network defence; it is critical to ensure that they are securely configured and that the rule-base is free of infinite loops or duplicate/unused entries.

The Firewall Assessment (depending on the device functionality) will include an examination of:

• Firewall rules

• Firewall build

The elements of the rules review include:

• Insecure rules with any to any instances

• Overly permissive rules that enable too great a degree of access between hosts via various protocols

• Insecure configuration of VPNs, RADIUS or other key services

• Insecure device configurations

• Insecure admin access configurations

• Inadequate or no logging

• Insecure encryption methods

• Duplicate or unused rules
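
Several items in the rules review above (any-to-any rules, overly permissive rules, missing logging, duplicate or unused entries) can be checked mechanically once a rule base has been exported. The following is an added example, not Cryptum's tooling: the rule format, field names and sample rules are constructed for illustration, and first-match, top-down evaluation is assumed.

```python
from ipaddress import ip_network

# Constructed rule base in a hypothetical, simplified format (not a vendor syntax).
# Rules are evaluated top-down, first match wins; "hits" is an assumed hit counter.
FIELDS = ("id", "src", "dst", "svc", "action", "log", "hits")
RULES = [dict(zip(FIELDS, row)) for row in [
    (1, "10.0.1.0/24", "10.0.2.10/32", "tcp/443", "allow", True, 1520),
    (2, "10.0.0.0/16", "any", "any", "allow", False, 98211),
    (3, "10.0.1.0/24", "10.0.2.10/32", "tcp/443", "allow", True, 0),
    (4, "10.0.3.0/24", "10.0.9.5/32", "tcp/22", "allow", True, 0),
    (5, "any", "any", "any", "allow", False, 40),
    (6, "any", "any", "any", "deny", True, 0),
]]

def net_covers(outer, inner):
    """True if address spec `outer` includes every address in `inner`."""
    if outer == "any":
        return True
    return inner != "any" and ip_network(inner).subnet_of(ip_network(outer))

def rule_covers(earlier, later):
    """True if every packet matching `later` already matches `earlier`."""
    return (net_covers(earlier["src"], later["src"])
            and net_covers(earlier["dst"], later["dst"])
            and earlier["svc"] in ("any", later["svc"]))

def audit(rules):
    """Return (rule id, finding) pairs in rule order."""
    findings = []
    for i, r in enumerate(rules):
        allow = r["action"] == "allow"
        if allow and r["src"] == r["dst"] == "any":
            findings.append((r["id"], "any-to-any allow"))
        elif allow and "any" in (r["dst"], r["svc"]):
            findings.append((r["id"], "overly permissive"))
        if allow and not r["log"]:
            findings.append((r["id"], "no logging"))
        if r["hits"] == 0:
            findings.append((r["id"], "unused"))
        for e in rules[:i]:
            # An earlier rule that matches everything this rule matches
            # means this rule can never fire under first-match evaluation.
            if rule_covers(e, r):
                same = all(e[k] == r[k] for k in ("src", "dst", "svc", "action"))
                kind = "duplicate of" if same else "shadowed by"
                findings.append((r["id"], f"{kind} rule {e['id']}"))
                break
    return findings

if __name__ == "__main__":
    for rule_id, finding in audit(RULES):
        print(f"rule {rule_id}: {finding}")
```

In the sample, the final deny-all is reported as shadowed by the any-to-any allow above it, which is why its hit counter stays at zero.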

Web Application Test

The Web Application Assessment is designed to test a web application or a web service for security vulnerabilities. This assessment involves the investigation of all aspects of the Web Application logic and its implementation. The methodology follows the good practices of the OWASP Testing Guide, which some of our consultants have co-authored and that has become one of the international de-facto standards for security testing of Web Applications. The test team will combine both automated and manual testing using both commercial and open source tools. Our Test Team will, if necessary, write tools such as web service clients, SQL injection scripts and whatever may be needed, on the fly, to make sure each aspect of an attack is tested to the fullest extent possible.

The following categories will be interrogated during a Web application assessment, including, but not limited to:

• SQL Injection

• Cross-Site Scripting (XSS)

• Cross-Site Request Forgery (CSRF)

• Code Injection

• XPath Injection

• LDAP Injection

• File Inclusion

• Code Execution

• Directory Traversal

• Script Source Code Disclosure

• CRLF Injection

• Cross Frame Scripting (XFS)

• Internal Path Disclosures

• Cookie Manipulation

• Arbitrary File creation/modification/deletion

• Email Injection

• URL redirection

Graphical representation of our internal methodology

Please find below a graphical representation of our internal methodology when performing a web application assessment.

Wireless Testing

Configuration and implementation problems can lead to unauthorised access to sensitive information or networks, often without the intruder even setting foot inside a building. Therefore, wireless networks require close monitoring and periodic assessments to mitigate the exposure to security threats. The purpose of a wireless assessment is to interrogate a wireless infrastructure, and to provide assurance that it cannot be used to compromise the integrity and confidentiality of an organisation’s network or data. In most cases the footprint of a wireless network will extend beyond the desired area. This effectively extends the network boundary beyond the physical boundary of private premises and into public space. The majority of mobile devices supplied today have wireless connectivity hardware enabled by default. An attacker can use such a wireless interface as a beachhead for further attacks into the wired corporate network infrastructure. Whilst attacks against wireless networks have received less media attention of late, the attack vectors that gained notoriety throughout the last decade remain present and demand attention. Cryptum’s approach provides options for testing the full range of threats to a corporate wireless network, including authentication, encryption, segregation of guest and corporate services, the ability to compromise wireless clients and wireless denial of service testing.

Why perform a wireless assessment?

• To execute a real-world attack on infrastructure and understand the level of risk that exists at a single moment in time.

• To better identify and validate all security vulnerabilities associated with your Internet-facing environment.

• To understand the level of risk for your organization compared to similar companies.

University of Nairobi